Tagged Questions

Microsoft Exchange Server is a widely used email server that is used with all versions of Microsoft's Outlook, Entourage, IMAP, and POP3 clients. It is also used to host Microsoft's Office 365 cloud offering.

I'm new to the security stack exchange, so feel free to edit the question or redirect me to another forum if this is not fitting.
I'm currently working on a web application that will allow the user ...

Suppose I issue a signing certificate in January, and have a daily CRL issued (expires in 1 day) to verify the validity of that signature.
Then sometime in July I need to revoke that certificate.
My ...

We run Exchange 2010. Our edge servers run "passive opportunistic TLS" for 99% of the domains we communicate with. For a handful of domains, we have forced TLS on both our end and the other domain's ...

I have read quite a bit on the subject of securing MS Exchange - most notably the Client Access role. With the retirement of Microsoft's Threat Management Gateway many people seem to be looking for an ...

I'm working on implementing an Exchange 2010 solutions which includes Outlook Web Access, Exchange ActiveSync and Outlook Anywhere. These services use SSL and would be presented on the Internet so our ...

We determined that a number of our account lockout issues are related to Activesync devices using old/expired passwords.
One way to remedy an account lockout issue is to issue and deploy certificates ...

My girlfriend recently had her university MS Exchange account hacked. The attacker took over her email account and started using it to send thousands of spam emails. After a while, her email account ...

A script is currently being run against my exchange server attempting to access resources on port 25 SMTP. This is generating event 4776 within Windows event logs. How can I stop this? Would I need to ...

A vendor is asking me to change the PSLanguageMode from within IIS on my Exchange server(s).
What potential vulnerabilities am I opening myself up to?
I'm surprised to see this option present within ...

When should email be protected by 2 factor authentication?
Suppose a given company is in an industry where two factor authentication is offered to some or all of its clients. Does this mean that it ...

Yesterday, I got an alert from a client's IDS that a Base64 auth packet was detected. Looking at the ASCII decode, I can see that it is for their OWA (Outlook Web Access), and indeed, the auth info ...